Sorry if this duplicates another message, I just get a digest of the list traffic, so I'm often behind.
I run Dansguardian (on port 8080) and Squid (on port 3128) on 10.0.1.50, and my dd-wrt router is 10.0.1.1 (connected to the internet via cable modem). These are the rules I use on 10.0.1.1:

iptables -t nat -A PREROUTING -i br0 -p tcp --dport 80 -d 10.0.1.1 -j ACCEPT
iptables -t nat -A PREROUTING -i br0 -s ! 10.0.1.50 -p tcp --dport 80 -j DNAT --to 10.0.1.50:8080
iptables -t nat -A POSTROUTING -o br0 -s 10.0.1.0/24 -d 10.0.1.50 -j SNAT --to 10.0.1.1
iptables -I FORWARD -s 10.0.1.0/24 -d 10.0.1.50 -i br0 -p tcp --dport 8080 -j ACCEPT

It grabs all outbound port 80 (web) traffic and diverts it to dansguardian, which uses squid as a caching proxy (see the tutorials for setting up squid as a transparent proxy - otherwise you get very weird errors when trying to access the internet). I believe br0 is the LAN side. I hope that helps.

Note: be sure to verify that your proxy port is not open on the WAN side. Filtered or not, someone could use your connection for something you wouldn't like.

Jeremy
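One way to check the note about WAN exposure on the router, added here as an example and not part of the original message: the function below reads rules in iptables-save format and prints any DNAT rule that forwards to the proxy host without being limited to the LAN interface. The function name, the sample rules and the availability of iptables-save on the router are assumptions.

```shell
#!/bin/sh
# find_exposed_dnat LAN_IF PROXY_IP   (hypothetical helper, added example)
# Reads `iptables-save -t nat` style rules on stdin and prints every DNAT
# rule that forwards to PROXY_IP but is not restricted to "-i LAN_IF".
# Such a rule would also match packets arriving on the WAN interface.
find_exposed_dnat() {
    awk -v lan="$1" -v proxy="$2" '
    $1 == "-A" && /-j DNAT/ {
        in_if = ""; dest = ""; negated = 0
        for (i = 2; i <= NF; i++) {
            if ($i == "-i") {
                in_if = $(i + 1)
                negated = ($(i - 1) == "!")   # "! -i br0" means "not the LAN"
            }
            if ($i == "--to-destination" || $i == "--to") dest = $(i + 1)
        }
        sub(/:.*/, "", dest)                  # drop the :port suffix
        if (dest != proxy) next               # not a redirect to the proxy
        if (in_if != lan || negated) print    # missing or wrong interface
    }'
}

# Constructed sample in iptables-save format. The first, second and fourth
# rules mirror the ones in the message; the third is a deliberately
# unrestricted rule (no -i) made up to show what gets flagged.
sample_rules() {
cat <<'EOF'
*nat
-A PREROUTING -d 10.0.1.1/32 -i br0 -p tcp -m tcp --dport 80 -j ACCEPT
-A PREROUTING ! -s 10.0.1.50/32 -i br0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 10.0.1.50:8080
-A PREROUTING -p tcp -m tcp --dport 3128 -j DNAT --to-destination 10.0.1.50:3128
-A POSTROUTING -s 10.0.1.0/24 -d 10.0.1.50/32 -o br0 -j SNAT --to-source 10.0.1.1
COMMIT
EOF
}

# Run against the sample; on a live router (assuming iptables-save exists):
#   iptables-save -t nat | find_exposed_dnat br0 10.0.1.50
sample_rules | find_exposed_dnat br0 10.0.1.50
```

No output means every DNAT rule pointing at the proxy is tied to the LAN interface; it does not replace testing the ports from outside the network.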
